In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to...
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract...
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings. Date published...
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. Date published : 2021-01-19...
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. Date published : 2021-01-19 http://packetstormsecurity.com/files/161276/Pixelimity-1.0-Cross-Site-Request-Forgery.html https://github.com/pixelimity/pixelimity/issues/20
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. Date published : 2021-01-19 http://anchorcms.com/ http://packetstormsecurity.com/files/161048/Anchor-CMS-0.12.7-Cross-Site-Request-Forgery.html
Bleichenbacher’s attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher’s oracle attack to decrypt an encrypted ciphertext...
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php. Date published : 2021-01-19 https://github.com/EmreOvunc/OpenEMR_Vulnerabilities
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. Date published : 2021-01-19 https://emreovunc.com/blog/en/vtiger_crm_directorylisting_01.png https://emreovunc.com/blog/en/vtiger_crm_directorylisting_02.png
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. Date published...
Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. Date published :...
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure. Date published : 2021-01-19 https://emreovunc.com/blog/en/FHEM-v6.0-LFI-Vulnerability-01.png https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. Date published : 2021-01-19 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/ https://security.gentoo.org/glsa/202107-55
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. Date published : 2021-01-19 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/ https://security.gentoo.org/glsa/202107-55